GitHub app: isCredentialValid doesn't work

Hmmm got it now. Thanks for the link.

I see what you are trying to do but the GitHub.isCredentialValid() isn’t applicable to Github App as it make a request to /user and this isn’t a Github App-ready endpoint. (this would’ve worked on the “old” oauth apps though)

TBH, the /user is really a swiss knife that has been used to verify whether or not the credentials provided would work…but I don’t think there isn’t an equivalent one for GIthub Apps as their permissions will vary a lot given the fine-grained permissions users can set.

The closest you can get to it (for now) authenticated as a Github App (whether via JWT or App Installation Token) would be to implement in your source code the same try/catch mechanism used on GitHub.isCredentialValid() but using Github.getRateLimit() as this seems to be an available endpoint for Apps

@bitwiseman let me pick your brains on this one. Do you think we should make GitHub.isCredentialValid() call under-the-hood different GitHub endpoints depending on the credentials used or is it the case that we simply document that developers should only use this method when using oauth apps or username/pass credentials?

Hi @timja

Both points have been discussed on #570. I really suggest you read it (I know it’s bit lengthy, but that’s going to answer most questions you may have)

From the GitHub class I can’t tell if I’m using a GitHub app

The GitHub class should be diligently created using the appropriate credentials/permissions for what you need… which means that if you get an instance of the GitHub class using new GitHubBuilder().withJwtToken(jwtToken).build() then you know you are ‘using a Github App’.

isValidCredential / getMyself don’t work

org.kohsuke.github.GHFileNotFoundException: {"message":"Resource not accessible by integration","documentation_url":"https://developer.github.com/v3/users/#get-the-authenticated-user"}

This was also discussed on #570 and I proposed to @bitwiseman that a convenience/cosmetic method was created to make it easier for developers to know how to make heads or tails of the multiple ways of authenticating to GIthub with this library.

Basically, the summarised version of why you are facing it would be:

1. App Installation Token is an OAuth token (so is personal access tokens and oauth apps)
2. This library defined the behaviour (many years ago) that if you pass an oauth token with no login then it tries to call the getMyself method which for App Installation token flow isn’t applicable as /user isn’t a GitHub App-ready endpoint. Since we may have users relying on this behaviour, we won’t change it until we are ready to bump to the 2.x version of this sdk.

How to address it:

Before the #583 PR is approved:

GitHub githubAuthAsInst = new GitHubBuilder()
                    .withOAuthToken(appInstallationToken.getToken(), "")
                    .build();

After the #583 PR is approved:

GitHub githubAuthAsInst = new GitHubBuilder()
                    .withAppInstallationToken(appInstallationToken.getToken())
                    .build();

Hope this helps